[security advisory] http://wiki.nginx.org/Redmine

Sarah Novotny sarah at nginx.com
Mon Mar 9 15:51:17 UTC 2015


Hi Gena, 

I’m happy to have you update the wiki now that you’ve reported your concerns.  

Do you have an account on the wiki?  If not, please request one and let me know via email at sarah at nginx.com and we’ll get you set up with privileges to edit the page.

Sarah


> On Mar 9, 2015, at 8:21 AM, Gena Makhomed <gmm at csdoc.com> wrote:
> 
> On 09.03.2015 16:48, Edho Arief wrote:
> 
>>>> From reading the redmine docs, it looks like the contents of the "root"
>>>> directive directory should be whatever is in the distributed redmine
>>>> public/ directory; not the entire installation including configuration.
> 
>> It's a public wiki, not some official documentation. If there's error
>> you can just go ahead and change it.
> 
> And it will be silent fixing of security vulnerability in nginx
> configuration recommended for redmine, so all previous redmine instances, configured by this manual will be vulnerable.
> 
> I prefer to report about this vulnerability in nginx mail list,
> so all people who configure redmine by this recommended manual
> can fix this security vulnerability in their own redmine installs.
> 
> ===============================================================
> 
> Also, I can't fix security vulnerabilities in nginx/1.5.12
> used at site http://wiki.nginx.org/ and can't contact with
> Cliff Wells by e-mail cliff at nginx.org and other e-mails.
> 
> -- 
> Best regards,
> Gena
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
> 



More information about the nginx mailing list